diff options
| author | Ben Ford <ben.ford@puppetlabs.com> | 2015-10-19 14:52:46 -0700 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-10-29 15:49:07 +0100 |
| commit | 3be9d2c422b8651498abec3a2ee9bb6a3685f040 (patch) | |
| tree | 807a38b8b6e91319cc1b2ff8e2d31d0391f9ad59 /lib/gitlab/regex.rb | |
| parent | ae99720a40b8e0700891f5828c1a93bcc7673e04 (diff) | |
| download | gitlab-ce-3be9d2c422b8651498abec3a2ee9bb6a3685f040.tar.gz | |
Add ability to create directories in the editor
Simply type a name with a `/` directory separator and new directories
will be created. This does not do the fancy UI work that github.com
does, but it will get the job done.
I could not find tests for file creation, so I didn't add a test for
this slight behaviour modification. I did test directory traversals
though, using both absolute paths like `/tmp/foo.txt` and relative paths
like `../../foo.txt`. Neither case escaped the repository, though
attempting to traverse with a relative path resulted in a 500 error that
did not affect application stability upon reload.
Diffstat (limited to 'lib/gitlab/regex.rb')
| -rw-r--r-- | lib/gitlab/regex.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index 9f1adc860d1..53ab2686b43 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -51,6 +51,23 @@ module Gitlab "can contain only letters, digits, '_', '-' and '.'. " end + def file_path_regex + @file_path_regex ||= /\A[a-zA-Z0-9_\-\.\/]*\z/.freeze + end + + def file_path_regex_message + "can contain only letters, digits, '_', '-' and '.'. Separate directories with a '/'. " + end + + + def directory_traversal_regex + @directory_traversal_regex ||= /\.{2}/.freeze + end + + def directory_traversal_regex_message + "cannot include directory traversal. " + end + def archive_formats_regex # |zip|tar| tar.gz | tar.bz2 | |